UX of Passwords | Refresh Seattle | Claire Carlson


Post on 14-Jul-2015






<ul>
<li><p>UX of Passwords</p></li>
<li><p>I'm Claire from Blink.</p></li>
<li><p>Venmo</p></li>
<li><p>1. Current password UX</p><p>2. How it can be improved</p><p>3. The future of passwords</p></li>
<li><p>What if your identity was stolen?</p></li>
<li><p>Let me tell you about Steve.</p></li>
<li><p>1. Freeze bank accounts</p><p>2. Open new accounts</p><p>3. Set fraud alert on SS#</p><p>4. Repayment pending an investigation</p><p>5. Reset auto-withdrawal accounts</p></li>
<li><p>What have we heard makes passwords secure?</p></li>
<li><p>Camp 1: 8+ characters, 1+ numbers, 1+ symbols</p><p>Camp 2: A really, really long string</p></li>
<li><p>Why two camps? My hypothesis:</p><p>Camp 1 Camp 2</p></li>
<li><p>Humans are not good at being random.</p></li>
<li><p>Most Common Passwords (http://www.splashdata.com/):</p><p>1. 123456 (Unchanged from 2013); 2. password (Unchanged); 3. 12345 (Up 17); 4. 12345678 (Down 1); 5. qwerty (Down 1); 6. 1234567890 (Unchanged); 7. 1234 (Up 9); 8. baseball (New); 9. dragon (New); 10. football (New); 11. 1234567 (Down 4); 12. monkey (Up 5); 13. letmein (Up 1)</p><p>14. abc123 (Down 9); 15. 111111 (Down 8); 16. mustang (New); 17. access (New); 18. shadow (Unchanged); 19. master (New); 20. michael (New); 21. superman (New); 22. 696969 (New); 23. 123123 (Down 12); 24. batman (New); 25. trustno1 (Down 1)</p></li>
<li><p>Do people feel secure online?</p></li>
<li><p>I asked 300 people 4 questions across the U.S.</p></li>
<li><p>Knowledge of Hacks</p></li>
<li><p>Password Habits</p></li>
<li><p>Reasons for Changing Passwords</p></li>
<li><p>So what?</p></li>
<li><p>Passwords are broken!</p></li>
<li><p>We are responsible for a better password UX.</p></li>
<li><p>Ideas for improving current password UX.</p></li>
<li><p>Poor Security &amp; Good UX</p><p>Good Security &amp; Poor UX</p></li>
<li><p>1. Make security a priority.</p></li>
<li><p>2. Make Change Password prominent.</p></li>
<li><p>Changing iCloud Password</p></li>
<li><p>1Password, Dashlane</p></li>
<li><p>3. Remind users to change their password every 6 months.</p></li>
<li><p>4. Provide 2-step verification.</p></li>
<li><p>Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it's possible that none of this would have happened.</p><p>- Matt Honan, WIRED</p></li>
<li><p>The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.</p><p>- Matt Honan, WIRED</p></li>
<li><p>Digits</p></li>
<li><p>Google Security Key</p></li>
<li><p>5. Incentivize good security habits.</p></li>
<li><p>6. Advise users to create long strings, not random strings.</p></li>
<li><p>http://xkcd.com/936/</p></li>
<li><p>7. Show requirements all the time.</p></li>
<li><p>8. Show password characters.</p></li>
<li><p>If people attempt to recover a password while checking out on an e-commerce site, 75% won't complete their purchase.</p><p>- Jared Spool</p></li>
<li><p>Masking passwords doesn't even increase security, but it does cost you business due to login failures.</p><p>- Nielsen Norman Group</p></li>
<li><p>http://uxmovement.com/forms/why-password-masking-can-hurt-your-sign-up-form/</p></li>
<li><p>http://www.lukew.com/ff/entry.asp?1941</p></li>
<li><p>9. Timeout after five failed login attempts.</p></li>
<li><p>10. Ask security questions when a user calls customer service and when a user logs in from a new device or network.</p></li>
<li><p>What does the future of passwords look like?</p></li>
<li><p>Nobody is hack-proof.</p></li>
<li><p>Don't let this happen to your users.</p></li>
<li><p>Where do you see authentication heading?</p></li>
<li><p>Thank you! @TheNextUX</p></li>
</ul>
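Recommendations 6 and 7, together with the common-passwords slide, sketched as a sign-up form check. This is an added example, not code from the talk. The function name `checkPassword`, the 16-character passphrase threshold, and the rule that either camp is accepted are assumptions.

```javascript
// Added example (not from the slides). Values marked "assumption" are not on the page.
// The 25 most common passwords listed on the slide; a real deployment would
// check a much larger breached-password list.
const COMMON_PASSWORDS = new Set([
  "123456", "password", "12345", "12345678", "qwerty", "1234567890", "1234",
  "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
  "111111", "mustang", "access", "shadow", "master", "michael", "superman",
  "696969", "123123", "batman", "trustno1",
]);
const PASSPHRASE_MIN = 16; // assumption: the slides only say "really, really long"

// Returns every requirement with its current state so the form can render the
// whole checklist on each keystroke (recommendation 7), not only on submit.
function checkPassword(pw) {
  const length = [...pw].length; // count code points, not UTF-16 units
  const met = {
    notCommon: length > 0 && !COMMON_PASSWORDS.has(pw.toLowerCase()),
    length8: length >= 8,
    number: /\d/.test(pw),
    symbol: /[^A-Za-z0-9\s]/.test(pw),
    long: length >= PASSPHRASE_MIN,
  };
  const camp1 = met.length8 && met.number && met.symbol;
  const camp2 = met.long;
  return {
    // assumption: either camp is accepted, but never a listed common password
    accepted: met.notCommon && (camp1 || camp2),
    requirements: [
      { label: "Not one of the most common passwords", met: met.notCommon },
      { label: `${PASSPHRASE_MIN}+ characters (a long phrase)`, met: met.long },
      { label: "or: 8+ characters", met: met.length8 },
      { label: "1+ numbers", met: met.number },
      { label: "1+ symbols", met: met.symbol },
    ],
  };
}

// Sample inputs (constructed; the middle two are the passwords from xkcd 936).
for (const pw of ["trustno1", "correct horse battery staple", "Tr0ub4dor&3", "abcdefgh"]) {
  const r = checkPassword(pw);
  const unmet = r.requirements.filter((x) => !x.met).map((x) => x.label);
  console.log(JSON.stringify(pw), r.accepted ? "accepted" : "rejected", unmet);
}
```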